Skip to main content
Information to the interested party on data protection

5.88. Third parties

Description of the activity

Accounting control and support for the execution of the AEAT budget and for the management of payments and collections from creditors and debtors for budgetary and extra-budgetary operations of the AEAT.


Supplier accounting control.


According to article 6.1.c of EU Regulation 2016/679, personal data may be processed when “the processing is necessary for compliance with a legal obligation applicable to the data controller”.


  • People who have a commercial relationship with the AEAT by supplying goods or services and other creditors and debtors for budgetary and extra-budgetary operations of the AEAT


  • NIF/DNI, Name and Surname, Address
  • Commercial information, Transactions of goods and services: identification data, payment method and account, type of relationship with the AEAT and other data of the budgetary or extra-budgetary operation with which it is related to the AEAT


  • Collection
  • Record
  • Storage
  • Structuring
  • Modification
  • Update
  • Copy
  • Analysis
  • Enquiry
  • Extraction
  • Promotion
  • Interconnection
  • Limitation
  • Suppression
  • Destruction
  • Other


are not foreseen

International transfers

are not foreseen

Planned deadlines for deletion

The data collected will not be deleted and will remain in the databases of the State Tax Administration Agency (AEAT) in order to cover possible legal requirements or other types of claims that may arise.


Does not apply

Technical/organizational measures

All data processed has been evaluated through a risk analysis, having obtained a list of technical and organizational measures to apply.

These measures have been applied in accordance with the approved adaptation plan.